Released November 1, 2006
This hotfix is ONLY for customers currently running:
- IMail Server 8.22
- Ipswitch Collaboration Suite 2.02
A vulnerability that allowed remote attackers to execute arbitrary code within the SMTP daemon was recently discovered. Because of compiler options used to prevent buffer overflow exploitation, arbitrary code execution does not work in 8.2x or 2006, but the exploit can be used to create a Denial of Service condition. Versions 8.1x and lower are vulnerable to the arbitrary code execution and versions prior to 8.1x may also be vulnerable. This vulnerability was processed through the Zero Day Initiative (ZDI), an initiative launched by TippingPoint, a division of 3Com.
This vulnerability has been addressed in a DLL we have made available to those running 2.02 of the Ipswitch Collaboration Suite and 8.22 of IMail Server. The steps to setup this DLL are included below.
Download IMail 8.22 Update
Download Ipswitch Collaboration Suite 2.02 Update
To install the the new DLL:
- Download SMTPProtocol.zip
- Stop the IMail Services
- In the top directory of IMail, rename smtpprotocol.dll to smtpprotocol.sav
- Extract the smtpportocol.dll from smtpprotocol.zip to the top directory of IMail
- Restart the IMail Services.
If you have any questions, please contact our Technical Support team.
Upgrade to IMail Secure Server 2006!
In IMail Secure Server 2006, we've delivered major improvements in Web Messaging and Web Administration as well as many other exciting new features.See all that's new in IMail Secure Server 2006
You may be eligible for discounts on IMail Secure Server 2006.
Enter your serial number to see what's available to you.